General
-
Target
Quotation-pdf-scan-copy.001
-
Size
395KB
-
Sample
220201-sdyfdsgbbk
-
MD5
1979997f3393b99d4ea138955256d2ce
-
SHA1
c851e845edd693e64ab843cb82143cff795dc5a2
-
SHA256
eed95452ed384be7eb025447726d898ced9727dfa69522539329e693891d56e9
-
SHA512
4230c875e0cef0ef8a812bab4aeb452dbe90d03ad67932f89643ec371ab2034a9337925ebb19d563fd590dde970b18446709da8fa526c57f5ad63ab6967b3025
Malware Config
Extracted
formbook
4.1
m17y
dental-implants-us-prices.site
eolegends.online
drskinstudio.com
miamivideomapping.com
cqytwater.com
fesfe.net
dlautostore.com
wwwpledge.com
trynutiliti.com
551milesoak.com
jemmetalfab.com
teamtrinitysellsncarolina.com
injurypersonallawyer.com
r3qcf2.xyz
djellaba-boutique.com
t6fwagd.xyz
lm-upto100.com
shyashijz.com
classicbasilicata.com
exactias.com
Targets
-
-
Target
Quotation-pdf-scan-copy.exe
-
Size
559KB
-
MD5
6c1c5e57b9051fa432bfa5f29d71e5a6
-
SHA1
a818b8d1c0ddac0f965c3841bafe845a848ff43f
-
SHA256
95773ba387f93d567c9b0dd7e7c6a71e67e9545b146231c7acfc24d040fdd249
-
SHA512
aab3c398821be5779c85a0b8ea4edb55d95e87dce1c44362b13a9bcefac557a2e7cf6619c227187eb3501f3e6c4b27faa2e809dba49ebe5c4ad8585630515b7e
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Formbook Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-